Incorrect Permission Assignment for Critical Resource

CVE-2022-32169

Severity Medium
Score 4.3/10

Summary

The Bytebase application does not restrict low-privilege users from accessing admin issues, so an unauthorized user can view the "OPEN" and "CLOSED" issues by "Admin". The affected endpoint is "/issue". This issue affects versions prior to 1.10.0.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • LOW
  • LOW
  • NONE

CWE-732 - Incorrect Permission Assignment for Critical Resource

The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
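The flaw class described in the summary, shown as an added example that is not Bytebase's code: a `/issue` listing handler that returns every issue to any authenticated caller, next to the same handler with a server-side visibility check. The `Issue` and `User` types, the role names, the `canView` rule and the sample data are all assumptions made for illustration, and `caller` stands in for the identity taken from the authenticated session.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Hypothetical model and role names; not Bytebase's schema or code.
type Issue struct {
	ID              int
	Status, Creator string // Status is "OPEN" or "CLOSED"
}
type User struct{ Name, Role string }

// Constructed sample data: two admin issues, one created by the developer.
var issues = []Issue{{1, "OPEN", "admin"}, {2, "CLOSED", "admin"}, {3, "OPEN", "dev1"}}

// canView is the server-side rule: admins see all issues, others only their own.
func canView(caller User, is Issue) bool {
	return caller.Role == "admin" || is.Creator == caller.Name
}

// issueHandler serves /issue; enforce=false returns every issue (the flaw class).
func issueHandler(enforce bool, caller User) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		out := []Issue{}
		for _, is := range issues {
			if !enforce || canView(caller, is) {
				out = append(out, is)
			}
		}
		json.NewEncoder(w).Encode(out)
	}
}

// countFor requests /issue as caller and returns how many issues come back.
func countFor(enforce bool, caller User) int {
	rec := httptest.NewRecorder()
	issueHandler(enforce, caller)(rec, httptest.NewRequest("GET", "/issue", nil))
	var got []Issue
	json.Unmarshal(rec.Body.Bytes(), &got)
	return len(got)
}

func main() {
	fmt.Println(countFor(false, User{"dev1", "developer"}), countFor(true, User{"dev1", "developer"}))
}
```

The `countFor` comparison doubles as a regression check: the number of issues a low-privilege caller receives should drop once the filter runs on the server, while the admin's count stays the same.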

Advisory Timeline

  • Published